[Japanese]

JVNDB-2023-000051

Multiple vulnerabilities in T&D and ESPEC MIC data logger products

Overview

Multiple data logger products provided by T&D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below.

* Client-side enforcement of server-side security (CWE-602) - CVE-2023-22654
* Improper authentication (CWE-287) - CVE-2023-27388
* Missing authentication for critical function (CWE-306) - CVE-2023-23545
* Cross-site request forgery (CWE-352) - CVE-2023-27387

CVE-2023-22654
Takaya Noma, Tomoya Inazawa, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-27388
Tomoya Inazawa, Takaya Noma, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-23545
Yudai Morii, Takaya Noma, Tomoya Inazawa, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-27387
Junnosuke Kushibiki, Takaya Noma, Tomoya Inazawa, Yudai Morii, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-27388

CVSS V3 Severity:
Base Metrics 4.2 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-22654

CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-23545

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-27387
Affected Products


ESPEC MIC Corp.
  • RS-12N all firmware versions
  • RT-12N all firmware versions
  • RT-22BN all firmware versions
  • TEU-12N all firmware versions
T&D Corporation
  • RTR-5W all firmware versions
  • TR-71W all firmware versions
  • TR-72W all firmware versions
  • WDR-3 all firmware versions
  • WDR-7 all firmware versions
  • WS-2 all firmware versions

Impact

* An arbitrary script may be executed on a logged-in user's web browser - CVE-2023-22654
* An attacker who can access the product may login to the product as a registered user - CVE-2023-27388
* An attacker who can access the product may alter the product settings without authentication - CVE-2023-23545
* If a user views a malicious page while logged in, unintended operations may be performed - CVE-2023-27387
Solution

[Stop using the product]
The developers state that these products had been end of sale in 2014, therefore recommend users to stop using the products.

Until stop using the products, it is recommended that applying following mitigations.

  • Connect the products to the trusted closed network

  • Allow only trusted PCs to access the products

  • Install a WAF to protect the products


Apart from the vulnerabilities, the developers released updates with improved security features for the following products.

  • T&D Corporation's products

    • TR-71W/72W



  • ESPEC MIC CORP.'s products

    • RT-12N/RS-12N




For more details, refer to the information provided by the developers.
Vendor Information

ESPEC MIC Corp. T&D Corporation
CWE (What is CWE?)

  1. Improper Authentication(CWE-287) [IPA Evaluation]
  2. Cross-Site Request Forgery(CWE-352) [IPA Evaluation]
  3. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2023-23545
  2. CVE-2023-22654
  3. CVE-2023-27387
  4. CVE-2023-27388
References

  1. JVN : JVN#14778242
Revision History

  • [2023/05/19]
      Web page was published

Date Public2023/05/19
Date First Published2023/05/19
Date Last Updated2023/05/19